I'm the IT director at a MMJ dispensary. The point of sales system we were using last week was hacked. Here is The Boston Globes Coverage on it.
This system was built on Drupal in 2010. I'm guessing the more they modified the drupal core, the more bugfixed versions behind they fell behind (not to mention the rest of the LAMP stack). They've lost all customer data, meaning there was no airgapped, off the net backups. What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot" potentially floating out there on the net. I guess because we're "Medicinal" it's no better than someone knowing a person takes Xanax for their nerves.
I feel like this company is playing on the ignorance of the general public when it comes to these types of IT security issues. I don't think people get how serious this is.What should I do? Do we still have lawyers on this site? (oldcountrylawyer?)